Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-3792

ChangeStreams are not triggered anymore when AutoEncryptionSettings are used

    • Type: Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 4.0.5
    • Component/s: Reactive Streams, Scala
    • None
    • Environment:
      windows 7, 10, 2012
      jdk 11
      atlas 4.2.8
      scala 2.13.1
      "org.mongodb.scala" %% "mongo-scala-driver" % "4.0.5"

      We activated client side field encryption following the relevant guides.

        private val client = {
          val jKmsProviders = kmsProviders.map { case (k, v) => (k, v.asJava) }.asJava
          val autoEncryptionSettings = AutoEncryptionSettings
            .builder()
            .keyVaultNamespace("encryption.__keyvault")
            .kmsProviders(jKmsProviders)
            .build()
      
          MongoClient(
            MongoClientSettings
              .builder()
              .applyConnectionString(new ConnectionString(mongoConfig.connectionString))
              .autoEncryptionSettings(autoEncryptionSettings)
              .codecRegistry(MongoClient.DEFAULT_CODEC_REGISTRY)
              .uuidRepresentation(UuidRepresentation.JAVA_LEGACY)
              .build()
          )
        }
      

      We use the AutoEncryptionSettings to get transparent En-/Decrypt for one of our fields.
      This works fine.

      Unfortunately this stops all our watches from being triggered on any change.
      It doesn't matter if the watched colletion uses encrypted fields or not.

        override def watch(callback: (A, Action) => Unit): Unit =
          coll
            .watch()
            .subscribe((csd: ChangeStreamDocument[DTO]) => {
              val (c, op) = (csd.getFullDocument, csd.getOperationType)
              logger.debug("Found {} with {}", ct, c)
              fromDto(c) match {
                case Right(a) =>
                  op match {
                    case OperationType.INSERT                         => callback(a, Action.Insert)
                    case OperationType.UPDATE | OperationType.REPLACE => callback(a, Action.Update)
                    case OperationType.DELETE                         => callback(a, Action.Delete)
                    case _                                            => logger.warn("Operation on {} of type {} not supported", ct, op)
                  }
                case Left(t) =>
                  logger.warn("Could not transform {} with {} (reason: {})", ct, c, t)
              }
            })
      

      If we remove the AutoEncryptionSettings from our connection all watches work again.

            Assignee:
            ross@mongodb.com Ross Lawley
            Reporter:
            martin.thomalla@rwe.com Martin Thomalla
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: